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AMENDMENTS TO THE CLAIMS 

This listing of claims will replace all prior versions and listings of cltdxns in the 

application: 

LISTING OF CLAIMS: 

1 . (Previously Presented) A process for protecting a computer from hostile code, 

the process comprising: 

defining at least two trust groups, each of the defined trust groups being characterized by 
a trust group value; 

assigning objects and processes in the computer to one of said trust groups, irrespective 
of the rights of a user of said computer; 
defining at least two object types; 
assigning an object type to each of the objects; 

defining an action rule for each combination of process trust group value, object trust 
group value, and object type; and, 

upon an access request by a requesting process to a target object, performing the action 
indicated by the action rule applicable to the trust group value of the requesting process, the trust 
group value of the target object, and (he object type. 

2. (Previously Presented) The process of claim 1 wherein a process is assigned 
upon creation to the trust group assigned to the passive code from which the process is created. 
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3. {Previously Presented) The process of claim 1 further comprising changing the 
trust group of the process if the trust group value of the process is greater than the trust group 
value of the object. 

4. (previously Presented) The process of claim 1 further comprising changing the 
trust group of said object after performing said action. 

5. {Previously Presented) The process Of claim 1 further comprising, upon creation 
of an object by a process, assigning said created object to the trust group of said process. 

6. {Previously Presented) The process of claim 1 further comprising defining at 
least two operation types and wherein said combination includes at least one of said operatioi) 
types. 

7. {Canceled). 

8. {Currently Amended) The process of claim [[7]] 3 further comprising assigning 
said process to the trust group of said object if the trust group of said process is higher than the 
trust group of said object. 

9, {Currently Amended) The process of claim ((7]] 1, wherein upon a restart of said 
process, the trust group of said process reverts to the original trust group of the object j&om 
which the process was created. 

10. {Previously Presented) The process of claim 1 further comprising: 



3 



PAGE 6/17'RCVDAT10/24120055:00:45PM [Eastern D^^^^ 



OCT-24-2005 14=20 



SUGHRUE MI ON 



650 625 8110 P. 



Atty. Docket No.: CQ10139 
PATENT APPLICATION 

AMENDMENT UNDER 37 C.RR. § l.U4(c) 
U.S. Application No.: 10/037,560 

defining at least two process types; 

assigning processes to one of said process types; and 

and wherein said combination includes at least one of said process types. 

1 1. (Previously Presented) The process of claim 1, wherein said object types 
comprise passive code and executable code. 

12. (Previously Presented) The process of claim 6, wherein said operation types 
comprise open, read, create, modify, and delete. 

13. (Previously Presented) A computer-readable medium comprising computer 
readable instructions for protecting a computer from hostile code, the instructions causing the 
computer to; 

define a plurality of trust group values; 

define a first and a second rule sets, each of said rule sets comprising a plurality of rules 
defining an action based on an operation type; 

identify objects and processes within the computer; 

define a table of at least two trust groups, wherein each trust group comprise one trust 
group value and said first and second rule sets; and 

assign objects and processes in the computer to one of said ttust groups irrespective of the 
rights of a user of said computer; 

whereby upon operation of a process over an object, the computer is configured to: 

compare a trust group value of the process with a trust group value of the object; 
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determine whether to allow the operation by following the rules of said first rule set if the 
trust group value of the process is not smaller than the trust group of the object and 

following the rules of said second rule set if the trust group value of the process is smaller 
than the trust group value of the object. 

14. (Preyiousfy Presented) The computer-readable medium of claim 13 further 
comprising instructions causing the computer to: 

define a table of types of at least two types of objects, the objects in the computer being 
assigned one type; and 

wherein said plurality of rules define said actions further based on the type of said object. 

15. (Previously Presented) The computer-readable medium of claim 13, wherein said 
operation type comprises open, read, create, modify, and delete. 

16. (Previously Presented) The computer-readable medium of claim 14, wherein said 
types of objects comprise passive code and executable code. 

17. (Canceled). 

18. (Canceled). 

19. (Previously Presented) The computer-readable medium of claim 13, wherein the 
computer is operatively coupled to a network, the network including a server, the table of trust 
groups stored in said server. 
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20. (Canceled), 

2L (Previously Presented) A computer-readable medium according to claim 17, 
wherein the computer is operative! y coupled to a network, the network including a server, the 
table of rules is stored in said server. 

22, (Canceled). 

23. (Previously Presented) A computer comprising: 
a random access memory (RAM); 

a non-volatile memory; 

a processor coupled to said RAM and said non-volatile memory; 
wherein said non-volatile memory comprises: 
a list of object types; 

a list of niles each of said rules defining an action based on an object type; 
a list of object trust groups, each trust group defining an object trust value and 
coupled to at least one of said rules; 

a plurality of objects, each of said objects having an object type and assigned to 
one of said trust groups; 
and wherein when a process is created in said RAM from an originating object of one of 
said objects, said processor assigns to said process a process trust value equal to the object trust 
value of said originating object, 
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24. (Previously Presented) The computer of claim 23, further comprising a controller 
receiving operation requests from said process to be perfonned od a target object of one of said 
objects and, upon receiving said requests said controller access said list of object trust groups, 
list of rules, and list of object type to determine whether to allow the operation. 

25. (Canceled). 

26. (Previously Presented) The computer of claim 24, wherein when the controller 
allows Che operation request but the process trust value is lower than the target object trust value, 
said processor resets the process trust value equal to that of the target object trust value. 
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